<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>8 - General Questions</title>
<link rev=  "made"          href= "mailto:www@openbsd.org">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name= "resource-type" content= "document">
<meta name= "description"   content= "the OpenBSD FAQ page">
<meta name= "keywords"      content= "openbsd,faq">
<meta name= "distribution"  content= "global">
<meta name= "copyright"     content= "This document copyright 1998-2007 by OpenBSD.">
</head>

<body bgcolor= "#ffffff" text= "#000000">

<a href="../index.html">
<img alt="[OpenBSD]" height=30 width=141 src="../images/smalltitle.gif" border="0">    
</a>
<p>
<font color= "#0000e0">
<a href= "index.html">[FAQ Index]</a>
<a href= "faq7.html">[To Section 7 - Keyboard and Display controls]</a>
<a href= "faq9.html">[To Section 9 - Migrating to OpenBSD]</a>
</font>

<h1><font color="#e00000">8 - General Questions</font></h1>
<hr>

<p>
<h3>Table of Contents</h3>
<ul>
<li><a href= "#LostPW"      >8.1 - I forgot my root password..... What 
  do I do now?</a>
<li><a href= "#X"           >8.2 - X won't start, I get lots of error 
  messages</a>
<li><a href= "#Programming" >8.3 - Can I use programming language "L"
  on OpenBSD?</a>
<li><a href= "#Ports"       >8.4 - What is the ports tree?</a>
<li><a href= "#Packages"    >8.5 - What are packages?</a>
<li><a href= "#PortsvsPkgs" >8.6 - Should I use Ports or Packages?</a>
<li><a href= "#NoFloppy"    >8.8 - Is there any way to use my floppy 
  drive if it's not attached during boot?</a>
<li><a href= "#Bootloader"  >8.9 - OpenBSD Bootloader (<i>i386, amd64 
  specific</i>)</a>
<li><a href= "#SKey"        >8.10 - Using S/Key on your OpenBSD 
  system</a>
<li><a href= "#SMP"         >8.12 - Does OpenBSD support SMP?</a>
<li><a href= "#TTY"         >8.13 - I sometimes get Input/output error 
  when trying to use my tty devices</a>
<li><a href= "#Browsers"    >8.14 - What web browsers are available
  for OpenBSD?</a>
<li><a href= "#mg"          >8.15 - How do I use the mg editor?</a>
<li><a href= "#ksh"         >8.16 - ksh(1) does not appear to read my 
  .profile!</a>
<li><a href= "#motd"        >8.17 - Why does my /etc/motd file get 
  written over when I modified it?</a>
<li><a href= "#wwwsolaris"  >8.18 - Why does www.openbsd.org run on 
  Solaris?</a>
<li><a href= "truetype.html">8.20 - Antialiased and TrueType fonts in 
  X</a>
<li><a href= "#Journaling"  >8.21 - Does OpenBSD support any journaling 
  filesystems?</a>
<li><a href= "#RevDNS"      >8.22 - Reverse DNS or Why is it taking so 
  long for me to log in?</a>
<li><a href= "#wwwnotstd"   >8.23 - Why do the OpenBSD web pages not conform to HTML4/XHTML?</a>
<li><a href= "#NTPerror"    >8.24 - Why is my clock off by twenty-some seconds?</a>
<li><a href= "#TimeZone"    >8.25 - Why is my clock off by several hours?</a>
</ul>

<hr> 

<p>
<a name= "LostPW"></a>
<h2>8.1 - I forgot my root password, what do I do now?</h2>

The basic process to regain root is to boot into single user mode, mount
the relevant partitions (<tt>/</tt> and <tt>/usr</tt>), run
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&amp;sektion=1">passwd(1)</a>
to change the root password.
You can then boot and login normally.

<p>
The detailed process:
<ul>
<li><b>Boot into single user mode.</b>
This part of the process varies from <a href="../plat.html">platform</a>
to platform.
For amd64 and i386 platforms, the <a href="faq14.html#Boot386">second
stage boot loader</a>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&amp;sektion=8&amp;arch=i386">boot(8)</a>,
pauses for a few seconds to give you a chance to provide parameters to
the kernel.
This prompt looks like this:

<blockquote><pre>
probing: pc0 com0 com1 apm mem[636k 190M a20=on]
disk: fd0 hd0+
>> OpenBSD/i386 BOOT 2.10
boot>
</pre></blockquote>

At this point, enter "<tt>boot -s</tt>" to bring the system up in single
user mode:

<blockquote><pre>
boot> <b>boot -s</b>
</pre></blockquote>

Most other platforms send parameters to the kernel via the boot ROM.

<p>
Of course the problem before this will probably be getting the system to
shut down.
Most likely, this will involve hitting the reset button or the power
button.
While hardly desirable, there usually isn't any alternative.
Don't worry too much, OpenBSD's file system is very robust.

<li><b>Mount the partitions.</b>
Both "/" and <tt>/usr</tt> will need to be mounted read-write.
Assuming they are on separate partitions (as they should be), the 
following will work:

<blockquote><pre>
# <b>fsck -p / &amp;&amp; mount -uw /</b>
# <b>fsck -p /usr &amp;&amp; mount /usr</b>
</pre></blockquote>

<li><b>Run <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=passwd&amp;sektion=1">passwd(1)</a>
to change the root password.</b>
As you already have root privileges (from being in single-user mode), it
will not ask you to provide your current password.

<li><b>boot into multiuser mode.</b>
This can be done by either entering "CTRL-D" to resume the normal boot
process, or by entering the 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=reboot&amp;sektion=8">reboot(8)</a>
command.

</ul>

If this is a non-personal machine, you should probably use
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sudo&amp;sektion=8">sudo(8)</a>
to give multiple (trusted) people the ability to execute root commands.

<p>
<b>"Wait.  That looked too easy!  That isn't very secure!"</b>
If an attacker has physical access to your system, they win,
regardless of the OS on the computer.
There are ways to force the use of a password on single-user mode (see
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ttys&amp;sektion=5">ttys(5)</a>),
or eliminate the pause on i386/amd64 (see
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot.conf&amp;sektion=5&amp;arch=i386">boot.conf</a>),
but practically speaking, getting around those tricks is also pretty
easy (<i>One</i> way: boot floppy or CDROM, edit or replace password
file).
You can try to prevent that, but then someone will pull the hard 
disk out of your computer.
Making your computer difficult to manage properly isn't real security,
and if you don't have the physical machine secured, you have no real
security.

<p>
Note: many "remote management" systems give most of the functionality of
physical access to the computer, and that needs to be considered.
Don't tell yourself the system is secure if there is a way for an
attacker to grab console, insert a virtual floppy and force a reboot of
the machine.
They might as well have physical access to the system.
The console management system is likely not as secure as OpenBSD...

<p>
<a name= "X"></a>
<h2>8.2 - X won't start, I get lots of error messages</h2>

<p>
A common cause for X problems is the machdep.allowaperture
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&amp;sektion=8">sysctl(8)</a>
setting.
Since this defaults to being disabled on OpenBSD, 
this is a fairly likely cause of the problem.

<p>
You need to edit <i>/etc/sysctl.conf</i> and set 
<b>machdep.allowaperture=2</b> (or <b>1</b>, depending upon your
platform).
This will allow X to access the aperture driver,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xf86&amp;sektion=4">xf86(4)</a>,
upon the next reboot.
It can not be made available after boot.
This can also be set during install if you answer "Y" when you are asked
whether you expect to run the X Window System.

<p>
OpenBSD requires that the aperture driver be activated on alpha, amd64,
i386, macppc and sparc64 platforms to control access to the video
boards.
Other platforms use a safer way to handle the video system, and do not
need this (and do not have it in their kernel).
If you do not anticipate using X on your system, it is recommended that
you not enable the aperture driver.

<p>
For more information about configuring and using X on your platform, see
the <tt>/usr/X11R6/README</tt> file on your installed system.


<p>
<a name="Programming"></a>
<h2>8.3 - Can I use programming language "L" on OpenBSD?</h2>

You will find support for many common programming languages either
in the base system (more specifically in the <tt>baseXX.tgz</tt> and
<tt>compXX.tgz</tt> file sets), or in the
<a href="faq15.html">packages and ports system</a>.
It is recommended that you install the required file set or package
containing the specific compiler you want to use, instead of building it
from source.
For some compilers, building from source requires a lot of system
resources and is often unneeded unless you have specific needs or
there is <a href="faq15.html#NoPkg">no package available</a>.

<p>
The following table attempts to give an overview of compilers for different
languages, where you can find them, and whether there are any issues or
limitations with them.
Some of these are limited to certain platforms.
This can be seen either by examining a
<a href="faq15.html#PortsSearch">search result</a> through the ports tree,
and noting what is mentioned in "Archs", or by inspecting the port's
Makefile directly.
In the latter case, look for lines containing <tt>ONLY_FOR_ARCHS</tt>,
<tt>NOT_FOR_ARCHS</tt>, <tt>BROKEN</tt>, etc.

<p>
<b>Note:</b> For ease of use, this article provides an alphabetical list,
without distinguishing between different categories of programming
languages.
This is not a comprehensive list of everything that is available or can
be used on OpenBSD.
If you feel there are inaccuracies or issues which are not mentioned here,
feel free to <a href="../report.html">report</a> that.

<p>
<table border="1" style="empty-cells: show;">
<tr><td>Language</td><td>Where?</td><td>Notes</td></tr>

<tr valign="top">
<td rowspan="2">Awk</td>
<td><tt>base43.tgz</tt>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=awk&amp;sektion=1">awk(1)</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/gawk/?only_with_tag=OPENBSD_4_3">lang/gawk</a>
</td>
<td>GNU awk</td>
</tr>

<tr valign="top">
<td>C, C++</td>
<td><tt>comp43.tgz</tt>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc&amp;sektion=1">gcc(1)</a>
</td>
<td>The C/C++ compilers in the base system have been audited and they
have several security enhancements (e.g. ProPolice) enabled by default.
Please see
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gcc-local&amp;sektion=1">gcc-local(1)</a>
for details.
They will also emit warnings when using unsafe functions
such as sprintf(), strcpy(), strcat(), tmpnam(), etc.
Note that most platforms use gcc 3.3.5, but some still use 2.95.3.
</td>
</tr>

<tr valign="top">
<td>C, C++</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/gcc/?only_with_tag=OPENBSD_4_3">lang/gcc</a>
</td>
<td>These compilers have not gone through the security audit and do not
contain security enhancements like those in the base system.
The compilers are renamed <tt>egcc</tt>, <tt>eg++</tt>, etc. to avoid
confusion with their counterparts in the base system.
</td>
</tr>

<tr valign="top">
<td>Caml</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/ocaml/?only_with_tag=OPENBSD_4_3">lang/ocaml</a>
</td>
<td>Objective Caml</td>
</tr>

<tr valign="top">
<td>COBOL</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/open-cobol/?only_with_tag=OPENBSD_4_3">lang/open-cobol</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>Erlang</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/erlang/?only_with_tag=OPENBSD_4_3">lang/erlang</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td rowspan="2">Fortran</td>
<td><tt>comp43.tgz</tt>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=g77&amp;sektion=1">g77(1)</a>
</td>
<td>Only Fortran 77 support.</td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/gcc/?only_with_tag=OPENBSD_4_3">lang/gcc</a>
</td>
<td>Fortran 95 is also supported by <tt>egfortran</tt> in gcc 4.0 and above.
This new compiler is available as a subpackage (g95) of gcc.
</td>
</tr>

<tr valign="top">
<td rowspan="2">Haskell</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/ghc/?only_with_tag=OPENBSD_4_3">lang/ghc</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/nhc98/?only_with_tag=OPENBSD_4_3">lang/nhc98</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td rowspan="5">Java</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/jdk/?only_with_tag=OPENBSD_4_3">devel/jdk</a>
</td>
<td>Sun JDK - no packages available; see build instructions below.</td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/classpath/?only_with_tag=OPENBSD_4_3">lang/classpath</a>
</td>
<td>essential core class libraries for Java</td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/kaffe/?only_with_tag=OPENBSD_4_3">lang/kaffe</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/jikes/?only_with_tag=OPENBSD_4_3">lang/jikes</a>
</td>
<td>
Fast compiler, works well.
This needs a "run-time jar", the bytecode version of all the standard API.
</td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/eclipse/?only_with_tag=OPENBSD_4_3">devel/eclipse</a>
</td>
<td>Large IDE; works with Sun JDK</td>
</tr>

<tr valign="top">
<td>Lisp</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/clisp/?only_with_tag=OPENBSD_4_3">lang/clisp</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>Lua</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/lua/?only_with_tag=OPENBSD_4_3">lang/lua</a>
</td>
<td>Additional Lua libraries and auxiliary utilities are available in the
ports tree.</td>
</tr>

<tr valign="top">
<td>Perl</td>
<td><tt>base43.tgz</tt>,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&amp;sektion=1">perl(1)</a>
</td>
<td>Many Perl modules are available in the ports tree, so search there first
before installing modules from CPAN.</td>
</tr>

<tr valign="top">
<td rowspan="2">PHP</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/www/php4/?only_with_tag=OPENBSD_4_3">www/php4</a>
</td>
<td rowspan="2">
Plenty of subpackages are available for different PHP modules.
</td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/www/php5/?only_with_tag=OPENBSD_4_3">www/php5</a>
</td>
</tr>

<tr valign="top">
<td>Prolog</td>
<!-- this port is broken
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/gprolog/?only_with_tag=OPENBSD_4_3">lang/gprolog</a>
</td> 
<td>GNU Prolog compiler.</td>
</tr>

<tr valign="top">
-->
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/swi-prolog/?only_with_tag=OPENBSD_4_3">lang/swi-prolog</a>
</td> 
<td>SWI-Prolog environment.</td>
</tr>

<tr valign="top">
<td>Python</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/python/?only_with_tag=OPENBSD_4_3">lang/python</a>
</td>
<td>Other ports are using Python 2.5 by default.</td>
</tr>

<tr valign="top">
<td>Ruby</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/ruby/?only_with_tag=OPENBSD_4_3">lang/ruby</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td rowspan="4">Scheme</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/chicken/?only_with_tag=OPENBSD_4_3">lang/chicken</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/scheme48/?only_with_tag=OPENBSD_4_3">lang/scheme48</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/scm/?only_with_tag=OPENBSD_4_3">lang/scm</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/shells/scsh/?only_with_tag=OPENBSD_4_3">shells/scsh</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>Smalltalk</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/squeak/?only_with_tag=OPENBSD_4_3">lang/squeak</a>
</td>
<td></td>
</tr>

<tr valign="top">
<td>Tcl</td>
<td>
<a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/tcl/?only_with_tag=OPENBSD_4_3">lang/tcl</a>
</td>
<td></td>
</tr>

</table>

<h3>Building the Sun JDK</h3>

Due to Sun's restrictive SCSL license, OpenBSD cannot ship binary packages
for the JDK.
This means you will have to build it from ports.
Note that you will need plenty of RAM for this build to succeed.

<p>
The JDK ports are in the <tt>devel/jdk</tt> subdirectory of the ports tree.
You can choose among different versions, each in their own subdirectory.
When you just type <tt>make</tt>, you will see a message asking you to
to fetch the source files manually from Sun's website.
Before you can do that, you need to register on that website, and agree
with the license.
That's why the ports framework cannot start the download automatically.

<p>
Once you have downloaded the necessary distribution files and patch sets,
copy them to the <tt>/usr/ports/distfiles</tt> directory.
You will also need to have X installed on your system.
Start the build by issuing <tt>make</tt> in the port's subdirectory.

<p>
The JDK requires a working Java 2 compiler as a bootstrap to build.
For this purpose, since OpenBSD 4.0, the port of JDK 1.5 uses kaffe,
which allows JDK 1.5 to be used on both i386 and amd64 platforms,
and reduces the build time considerably.

<p>
Older versions of the JDK still require a Linux version of the JDK.
Linux emulation on OpenBSD is restricted to i386 systems, and so these
older JDK versions will build only on i386.
The ports framework should take care of installing the necessary files
and setting <tt>kern.emul.linux=1</tt>.
For more information, please read about Linux emulation in the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=compat_linux&amp;sektion=8">compat_linux(8)</a>
manual page, and also
<a href="faq9.html#Interact">FAQ 9 - Running Linux binaries on OpenBSD</a>.
Note that this Linux emulation is only required during the build of the
JDK, which results in a native OpenBSD JDK.
<b>You do not need Linux emulation to work with the native JDK.</b>

<p>
After many hours, the build will finish.
Just continue with <tt>make install</tt> to install the JDK.

<p>
If you run into errors such as
"Could not reserve enough space for object heap",
try increasing your processes' memory limits using
the shell's built-in <tt>ulimit</tt> command, with the <tt>-d</tt> flag.

<h3>Other development tools</h3>

Additionally, there are many other development tools available within
the base system or as packages or ports. A few examples:
<ul>
<li>Unix shells: ksh and csh in the base system, many others (e.g. zsh, tcsh)
in the <tt>shells</tt> subdirectory of the ports tree.
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lint&amp;sektion=1">lint(1)</a>:
a C program verifier, which has been substantially improved from versions 
before OpenBSD 3.9.
Linted versions of system libraries are also provided.
<li>"make" utilities: the traditional BSD
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=make&amp;sektion=1">make(1)</a>
program is in the base system, and the ports tree contains other flavors
which are required to compile some software.
<li>Graphical toolkits: many popular graphical toolkits (e.g. GTK+, Tk, Qt,
wxWidgets, ...) have been ported to OpenBSD.
They can be found in the <tt>x11</tt> subdirectory of the ports tree.
<li>Version control systems: GNU CVS as used by the OpenBSD project is in
the base system, and the ports tree contains a few others.
Watch for the new <a href="http://www.opencvs.org">OpenCVS</a> which
is being developed.
</ul>


<p>
<a name= "Ports"></a>
<h2>8.4 - What is the ports tree?</h2>
Please see <a href="faq15.html#Ports">FAQ 15, Working with ports</a>.

<p>
<a name= "Packages"></a>
<h2>8.5 - What are packages?</h2>
Please see <a href="faq15.html#PkgMgmt">FAQ 15, Package management</a>.

<p>
<a name="PortsvsPkgs"></a>
<h2>8.6 - Should I use Ports or Packages?</h2>
Please see <a href="faq15.html#Intro">FAQ 15</a>.

<p>
<a name= "NoFloppy"></a>
<h2>8.8 -  Is there any way to use my floppy drive if it's not attached 
during boot?</h2>

<p>
You need to set the kernel to always assume the floppy is attached, even
if not detected during the hardware probe, by setting the 0x20 flag bit
on
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fdc&amp;sektion=4">fdc(4)</a>.

This can be done by using 
<a href="faq5.html#BootConfig">User Kernel Config</a> or
<a href="faq5.html#config">config(8)</a> to alter your kernel, 

<blockquote><pre>
# <b>config -e -f /bsd</b>
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Enter 'help' for information
ukc> <b>change fd*</b>
254 fd* at fdc0 drive -1 flags 0x0
change [n] <b>y</b>
drive [-1] ? <b><i>ENTER</i></b>
flags [0] ? <b>0x20</b>
254 fd* changed
254 fd* at fdc0 drive -1 flags 0x20
ukc> <b>q</b>
Saving modified kernel.
#
</pre></blockquote>

<p>
<a name= "Bootloader"></a>
<h2>8.9 - OpenBSD Bootloader (<i>i386, amd64 specific</i>)</h2>

<p>
When booting your OpenBSD system, you have probably noticed the boot
prompt.

<p>
<blockquote>
boot&gt;
</blockquote>

<p>
For most people, you won't have to do anything here. It will
automatically boot if no commands are given. But sometimes problems
arise, or special functions are needed. That's where these options will
come in handy. To start off, you should read through the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&amp;sektion=8&amp;arch=i386">boot(8)</a>
man page. Here we will go over the most common used commands for the
bootloader.

<p>
To start off, if no commands are issued, the bootloader will
automatically try to boot <strong>/bsd</strong>. If that fails it will
try <strong>/obsd</strong>, and if that fails, it will try
<strong>/bsd.old</strong>. You can specify a kernel by hand by typing:

<blockquote><pre>
boot&gt; <strong>boot hd0a:/bsd</strong>
</pre></blockquote>

or

<blockquote><pre>
boot&gt; <strong>b /bsd</strong>
</pre></blockquote>

<p>
This will boot the kernel named <tt>bsd</tt> from the 'a' partition of
the first BIOS recognized hard disk.

<p>
Here is a brief list of options you can use with the OpenBSD kernel.
<ul>
<li><strong>-a</strong> : This will allow you to specify an alternate
  root device after booting the kernel.
<li><strong>-c</strong> : This allows you to enter the boot time
  configuration. Check the <a href="faq5.html#BootConfig">Boot Time
  Config</a> section of the FAQ.
<li><strong>-s</strong> : This is the option to boot into single user
  mode.
<li><strong>-d</strong> : This option is used to dump the kernel into
  ddb. Keep in mind that you must have DDB built into the kernel.
</ul>

<p>
These are entered in the format of:
<strong>boot [ image [-acds]]</strong>

<p>
For further reading you can read
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=boot&amp;sektion=8&amp;arch=i386">boot(8)'s
man page</a>.

<p>
<a name= "SKey"></a>
<h2>8.10 - S/Key</h2>

<p>
S/Key is a ``one-time password'' authentication system.
It can be useful for people who don't have the ability to use an encrypted
channel which protects their authentication credentials in transit, as can
be established using
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>.

<p>
<b>WARNING:</b>
One-time password systems only protect authentication information.
They do not prevent network eavesdroppers from gaining access to private
information. Furthermore, if you are accessing a secure system A, it is
recommended that you do this from another trusted system B, to ensure nobody
is gaining access to system A by logging your keystrokes or by
capturing and/or forging input and output on your terminal devices.

<p>
The S/Key system generates a sequence of one-time (single use) passwords
from a user's <i>secret passphrase</i> along with a challenge received from
the server, by means of a secure <i>hash function</i>.
The system is only secure if the secret passphrase is never transferred
over the network.
Therefore <b>initializing or changing your secret passphrase MUST be done
over a secure channel</b>, such as
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a>
or the console.

<p>
OpenBSD's S/Key implementation can use a variety of algorithms
as the one-way hash function. The following algorithms are available:

<ul>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md4&amp;sektion=3">md4</a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=md5&amp;sektion=3">md5</a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sha1&amp;sektion=3">sha1</a>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rmd160&amp;sektion=3">rmd160</a>.
</ul>

<h3>Setting up S/Key - The first steps </h3>

<p>
To start off the directory <i>/etc/skey</i> must exist. If this directory is
not in existence, have the super-user create it. This can be done simply
by doing:

<blockquote><pre>
<strong># skeyinit -E</strong>
</pre></blockquote>

<p>
Once that directory is in existence, you can initialize your S/Key.
To do this you must use
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyinit&amp;sektion=1">skeyinit(1)</a>.
Since skeyinit(1) will be asking you for your S/Key secret passphrase,
you must run this <b>over a secure channel</b>, as explained above!
The program will even remind you of this.
With skeyinit(1), you will first be prompted for your password to the
system. This is the same password that you used to log into the system.
Once you have authorized yourself with your system password, you will be
asked for your S/Key secret passphrase.
This is <b>NOT</b> your system password.
Your secret passphrase must be at least 10 characters.
We suggest using a memorable phrase containing several words as the
secret passphrase.  Here is an example user being added.


<blockquote><pre>
$ <strong>skeyinit</strong>
Reminder - Only use this method if you are directly connected
           or have an encrypted channel.  If you are using telnet,
           exit with no password and use skeyinit -s.
Password:
[Adding ericj with md5]
Enter new secret passphrase:
Again secret passphrase:

ID ericj skey is otp-md5 100 oshi45820
Next login password: HAUL BUS JAKE DING HOT HOG
</pre></blockquote>
<p>
One line of particular importance in here is <i>ID ericj skey is otp-md5
100 oshi45820</i>. This gives a lot of information to the user. Here is a
breakdown of the sections and their importance.

<ul>
<li><i>otp-md5</i> - This shows which one-way hash was used to create your 
  One-Time Password (otp).
<li><i>100</i> - This is your sequence number. This is a number from 100 
  down to 1. Once it reaches one, another secret passphrase must be 
  created by running
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyinit&amp;sektion=1">skeyinit(1)</a>.
<li><i>oshi45820</i> - This is the key.
</ul>

<p>
But of more immediate importance is your one-time password. Your one-time
password consists of 6 small words, combined together this is your one-time
password, spaces and all.
The one-time password printed by skeyinit cannot be used to login
(there is a usage for this first one-time password, see
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyinit&amp;sektion=1">skeyinit(1)</a>).
To be able to log in, a one-time password corresponding to the challenge printed
by the login process has to be computed using 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&amp;sektion=1">skey(1)</a>. The next section will show how to do that.

<h3>Actually using S/Key to login.</h3>

<p>
By now your skey has been initialized.
You're ready to login. Here is an example session using S/Key to
login.
To perform an S/Key login, you append <b>:skey</b> to your login
name.

<blockquote><pre>
$ <strong>ftp localhost</strong>
Connected to localhost.
220 oshibana.shin.ms FTP server (Version 6.5/OpenBSD) ready.
Name (localhost:ericj): ericj:skey
331- otp-md5 96 oshi45820
331 S/Key Password: 
230- OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
230-
230- Welcome to OpenBSD: The proactively secure Unix-like operating system.
230-
230- Please use the sendbug(1) utility to report bugs in the system.
230- Before reporting a bug, please try to reproduce it with the latest
230- version of the code.  With bug reports, please try to ensure that
230- enough information to reproduce the problem is enclosed, and if a
230- known fix for it exists, include that as well.
230-
230 User ericj logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp&gt; quit
221 Goodbye.
</pre></blockquote>

<p>
Note that I appended ":skey" to my username.  This tells ftpd that I
want to authenticate using S/Key.  Some of you might have noticed that
my sequence number has changed to <i>otp-md5 96 oshi45820</i>. This is
because by now I have used S/Key to login several times. But how do you
get your one-time password? Well, to compute the one-time password, you'll
need to know what sequence number you're using and your key. As you're
probably thinking, how can you remember which sequence number you're on?

<p>
When you are logging in, the login process prints a line containing
the needed information, which you can use to generate a one-time password
on the spot using another trusted computer accesses by a secure channel,
by copy-pasting the line into a command shell:
<blockquote><pre>
otp-md5 96 oshi45820
</pre></blockquote>

<p>
After typing your passphrase, your one-time password will be printed,
which you can then copy-paste to the S/Key Password prompt to log in.
Not only is <i>otp-md5</i> a description of the hash used, it is also
an alternate name for the 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skey&amp;sektion=1">skey(1)</a> 
command.


<p>
If you already are logged in and want to generate a one-time password
for the next login, use 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=skeyinfo&amp;sektion=1">skeyinfo(1)</a>,
it will tell you what to use for the next login.
For example here, I need to generate another one-time password for a login
that I might have to make in the future.  (remember I'm doing this
from a secure channel).

<blockquote><pre>
$ <strong>skeyinfo</strong>
95 oshi45820
</pre></blockquote>

<p>
An even better way is to use <strong>skeyinfo -v</strong>, which outputs
a command suitable to be run in the shell.  For instance:

<blockquote><pre>
$ <strong>skeyinfo -v</strong>
otp-md5 95 oshi45820
</pre></blockquote>

<p>
So, the simplest way to generate the next S/Key password is just:

<blockquote><pre>
$ <strong>`skeyinfo -v`</strong>
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase:
NOOK CHUB HOYT SAC DOLE FUME
</pre></blockquote>

<p>
Note the backticks in the above example.

<p>
I'm sure many of you won't always have a secure connection or a
trusted local computer to create these passwords, and creating them
over an insecure connection isn't feasible, so how can you create
multiple passwords at one time? You can supply skey(1) with a
number of how many passwords you want created.  This can then be
printed out and taken with you wherever you go.

<blockquote><pre>
$ <strong>otp-md5 -n 5 95 oshi45820</strong>
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase:
91: SHIM SET LEST HANS SMUG BOOT
92: SUE ARTY YAW SEED KURD BAND
93: JOEY SOOT PHI KYLE CURT REEK
94: WIRE BOGY MESS JUDE RUNT ADD
95: NOOK CHUB HOYT SAC DOLE FUME
</pre></blockquote>

<p>
Notice here though, that the bottom password should be the first used,
because we are counting down from 100.

<h4>Using S/Key with ssh(1) and telnet(1)</h4>

<p>
Using S/Key with ssh(1) or telnet(1) is done in pretty much
the same fashion as with ftp--you simply tack ":skey" to the end of your
username.
Example:

<blockquote><pre>
$ <strong>ssh -l ericj:skey localhost</strong>
otp-md5 98 oshi45821
S/Key Password: <strong>SCAN OLGA BING PUB REEL COCA</strong>
Last login: Thu Apr  7 12:21:48 on ttyp1 from 156.63.248.77
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

You have mail.
$
</pre></blockquote>

<p>
<a name= "SMP"></a>
<h2>8.12 - Does OpenBSD support SMP?<br>
(Symmetric Multi-Processor)</h2>

<p>
SMP is supported on the 
<a href="../i386.html">OpenBSD/i386</a>,
<a href="../amd64.html">OpenBSD/amd64</a>,
<a href="../mvme88k.html">OpenBSD/mvme88k</a>,
and
<a href="../sparc64.html">OpenBSD/sparc64</a>
platforms.

<p>
A separate SMP kernel, "<tt>bsd.mp</tt>", is provided with the install 
file sets, which can be selected at install time.
It is suggested that you test booting this kernel before renaming it to
"<tt>bsd</tt>" to make it your default kernel.

<p>
It is hoped that other SMP-capable platforms will be supported in the
future.
On most other platforms, OpenBSD will run on an SMP system, but only utilizing
one processor.  The exception to this is the
<a href="../sparc.html">SPARC</a> platform --
OpenBSD/sparc will sometimes require that extra MBus modules be removed
for the system to boot.

<p>
Support for the UltraSPARC T1 processors is in 4.3-current.

<p>
<a name= "TTY"></a>
<h2>8.13 - I get Input/output error when trying to use my tty devices</h2>
<p>
You need to use /dev/cuaXX for connections initiated from the OpenBSD
system, the /dev/ttyXX devices are intended only for terminal or dial-in
usage.  While it was possible to use the tty devices in the past, the
OpenBSD kernel is no longer compatible with this usage.

<p> From 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cua&amp;sektion=4">cua(4)</a>:
<p>
For hardware terminal ports, dial-out is supported through matching
device nodes called calling units.  For instance, the terminal called
/dev/tty03 would have a matching calling unit called /dev/cua03. These
two devices are normally differentiated by creating the calling unit
device node with a minor number 128 greater than the dial-in device
node.  <i>Whereas the dial-in device (the tty) normally requires a
hardware signal to indicate to the system that it is active, the
dial-out device (the cua) does not, and hence can communicate unimpeded
with a device such as a modem</i>.  This means that a process like
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getty&amp;sektion=8">getty(8)</a>
will wait on a dial-in device until a connection is established.
Meanwhile, a dial-out connection can be established on the dial-out
device (for the very same hardware terminal port) without disturbing
anything else on the system.  The
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getty&amp;sektion=8">getty(8)</a>
process does not even notice that anything is happening on the
terminal port.  If a connecting call comes in after the dial-out connection
has finished, the
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getty&amp;sektion=8">getty(8)</a>
process will deal with it properly, without having noticed the
intervening dial-out action.

<a name="Browsers"></a>
<h2>8.14 - What web browsers are available for OpenBSD? </h2>
<!-- XXXverify for each release -->
<p>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&amp;sektion=1">Lynx</a>,
a text-based browser, is in the base system, and has SSL support.
Other browsers in the <a href="#Ports">ports tree</a>, include (in
no particular order):

<p>
<b>Graphical (X) Browsers</b>
<ul>
 <li><a href="http://www.konqueror.org/">Konqueror</a>
   Installed as part of the <a href="http://www.kde.org/">KDE desktop environment</a>.
 <li><a href="http://www.konqueror.org/embedded.html">Konqueror-embedded</a>
   (konq-e) Konqueror, using only the KDE libraries rather than all of KDE.
 <li><a href="http://links.twibright.com/">Links+</a>
   Another fast and small graphical browser. (Also has a text-only mode)
 <li><a href="http://www.mozilla.org/products/firefox/">Firefox</a>
   and <a href="http://www.mozilla.org/projects/seamonkey/">SeaMonkey</a>
   Feature-filled browsers. SeaMonkey includes many non-browser
   features (mail client, IRC client, etc.), Firefox is just a browser,
   based on Mozilla. They work on many architectures.
 <li><a href="http://www.opera.com/">Opera</a> Commercial browser, i386
   only (requires Linux emulation).
 <li><a href="http://www.w3.org/Amaya/">Amaya</a> The W3C's browser and editor.
</ul>

<p>
<b>Console (Text mode) Browsers</b>
<ul>
 <li><a href="http://elinks.cz/">elinks</a> Feature-rich, can render
   both frames and tables, highly customizable.
 <li><a href="http://www.w3m.org/">w3m</a> Has table and frame
   support (also has a graphical mode). 
 <li><a href="http://artax.karlin.mff.cuni.cz/~mikulas/links/">links</a>
   Has table support.
</ul>

<p>
You will find all these in the <a href="faq15.html">packages
collection</a>.  All the above mentioned browsers are
located in <tt>/usr/ports/www/</tt> after the installation of the ports
tree.  Most are also available as pre-compiled 
<a href="faq15.html#PkgMgmt">packages</a>, available on the 
<a href="../ftp.html">FTP servers</a> and on the 
<a href="../orders.html">CD-ROM</a>.  As most of the graphical browsers
are very large and require quite some time to download and compile, 
one should <i>seriously</i> <a href="#PortsvsPkgs">consider</a> the
use of packages where available.


<p>
<a name= "mg"></a>
<h2>8.15 - How do I use the mg editor?</h2>
<p>
Mg is a micro Emacs-style text editor included in OpenBSD.  Micro means that it's small
(Emacs is very large!) For the basics, read the 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mg&amp;sektion=1">mg(1)</a>
manual page and the 
<a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/tutorial?rev=1.2">tutorial</a>,
as included with the source code.  For more interesting questions (such
as, "I don't have a Meta key!") check out the
<a href="http://www.gnu.org/software/emacs/emacs-faq.html">Emacs FAQ</a>.  

<p>
Note that since mg is a small Emacs implementation, which is mostly
similar to the text editor features of Emacs 17, it does not implement
many of Emacs' other functionality.  (Including mail and news
functionality, as well as modes for Lisp, C++, Lex, Awk, Java, etc...)

<p>
<a name= "ksh"></a>
<p>
<h2>8.16 - ksh(1) does not appear to read my <tt>.profile!</tt></h2>
<p>
There are two likely reasons for 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&amp;sektion=1">ksh(1)</a>
to seemingly ignore a user's <tt>.profile</tt> file.
<ul>
<li><tt>.profile</tt> is not owned by the user.
To fix for <b>username</b>,
<p>
 <blockquote><tt>
 # <b>chown username ~username/.profile</b>
 </tt></blockquote>
<p>
<li>You are using ksh(1) from within X Window System
<p>
Under 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xterm&amp;sektion=1">xterm(1)</a>,
argv[0] for ksh(1) is not prepended with a
dash ("-").  Prepending a dash to argv[0] will cause csh(1) and ksh(1)
to know they should
interpret their login files.
(For csh(1) that's <tt>.login</tt>, with a separate <tt>.cshrc</tt>
that is always run when
csh(1) starts up.  With ksh(1), this is more noticeable because there is only
one startup script, <tt>.profile</tt>.  This file is ignored unless the shell is
a login shell.)
<p>
To fix this, add the line "<tt>XTerm*loginShell: true</tt>"
to the file <tt>.Xdefaults</tt> in your home directory.  Note, this file
does not exist by default, you may have to create it.
<p>
 <blockquote><tt>
 $ <b>echo "XTerm*loginShell: true" &gt;&gt; ~/.Xdefaults</b>
 </tt></blockquote>
<p>
You may not have had to do this on other systems, as some installations
of X Window System come with this setting as default.  OpenBSD has
chosen to follow the X.org behavior.
</ul>

<p>
<a name= "motd"></a>
<h2>8.17 - Why does my <tt>/etc/motd</tt> file get overwritten when
I modified it?</h2>

<p>
The <tt>/etc/motd</tt> file is edited upon every boot of the system,
replacing everything up to, but not including, the first blank line
with the system's kernel version information.
When editing this file, make sure that you start after this blank line,
to keep <tt>/etc/rc</tt> from deleting these lines when it edits
<tt>/etc/motd</tt> upon boot.

<p>
<a name= "wwwsolaris"></a>
<h2>8.18 - Why does www.openbsd.org run on Solaris?</h2>

<p>
Although none of the developers think it is particularly relevant, this
question comes up frequently enough in the mailing lists that it is
answered here.  <i>www.openbsd.org</i> and the main OpenBSD ftp site are
hosted at a <a href="http://sunsite.ualberta.ca">SunSITE</a> at the University of Alberta, Canada.   These sites
are hosted on a large Sun system, which has access to lots of storage
space and Internet bandwidth.  The presence of the SunSITE gives the
OpenBSD group access to this bandwidth.  This is why the main site runs
here.  Many of the OpenBSD mirror sites run OpenBSD, but since they do
not have guaranteed access to this large amount of bandwidth, the group
has chosen to run the main site at the University of Alberta SunSITE.

<p>
<a name= "TrueType"></a>
<h2>8.20 - Antialiased and TrueType fonts in X</h2>
<p>
See <a href="truetype.html">this document</a>.

<p>
<a name= "Journaling"></a>
<h2>8.21 - Does OpenBSD support any journaling filesystems?</h2>
<p>
No it doesn't. We use a different mechanism to achieve similar results
called Soft Updates. Please read 
<a href="faq14.html#SoftUpdates">FAQ 14 - Soft Updates</a>
to get more details.  

<p>
<a name= "RevDNS"></a>
<h2>8.22 - Reverse DNS <br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<small>- or -</small><br>
Why is it taking so long for me to log in?</h2>
<p>
Many new users to OpenBSD experience a two minute login delay when using
services such as 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh,</a> 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&amp;sektion=1">ftp,</a> or 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&amp;sektion=1">telnet.</a>  
This can also be experienced when using a proxy, such as 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&amp;sektion=8">ftp-proxy,</a>
or when sending mail out from a workstation through 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail.</a>
<p>
This is almost always due to a reverse-DNS problem.  DNS is Domain Name
Services, the system the Internet uses to convert a name, such as 
"www.openbsd.org" into a numeric IP address.  Another task of DNS is
the ability to take a numeric address and convert it back to a "name",
this is "Reverse DNS".
<p>
In order to provide better logging, OpenBSD performs a reverse-DNS 
lookup on any machine that attaches to it in many different ways, 
including 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh,</a>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp&amp;sektion=1">ftp,</a> 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&amp;sektion=1">telnet,</a>
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail</a> or
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&amp;sektion=8">ftp-proxy.</a>
Unfortunately, in some cases, the machine that is making the connection
does not have a proper reverse DNS entry.

<p>
<h3>An example of this situation:</h3> 
A user sets up an OpenBSD box as a firewall and gateway to their
internal home network, mapping all their internal computers to one
external IP using <a href="pf/nat.html">NAT</a>. They may also use it
as an outbound mail relay.  They follow the installation guidelines, and
are very happy with the results, except for one thing -- every time they
try to attach to the box in any way, they end up with a two minute delay
before things happen.

<p>
<h3>What is going on:</h3>
From a workstation behind the NAT of the gateway with an 
<a href="http://www.geektools.com/rfc/rfc1918.txt">unregistered IP</a> 
address of 192.168.1.35, the user uses 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh</a>
to access the gateway system.  The 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh</a>
client prompts for username and password, and sends 
them to the gateway box.  The gateway then tries to figure out who 
is trying to log in by performing a reverse DNS lookup of 
192.168.1.35.  The problem is 192.168.0.0 addresses are for private
use, so a properly configured DNS server outside your network 
knows it should have no information about those addresses.  Some will 
quickly return an error message, in these cases, OpenBSD will assume 
there is no more information to be gained, and it will quickly 
give up and just admit the user.  Other DNS servers will not return 
ANY response. In this case you will find yourself waiting for the OpenBSD 
name resolver to time out, which takes about two minutes before the 
login will be permitted to continue.  In the case of 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ftp-proxy&amp;sektion=8">ftp-proxy</a>, some
ftp clients will timeout before the reverse DNS query times out, leading
to the impression that ftp-proxy isn't working.
<p>
This can be quite annoying.  Fortunately, it is an easy thing to fix.
<p>
<h3>Fix, using <tt>/etc/hosts</tt>:</h3>
The simplest fix is to populate your 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hosts&amp;sektion=5"><tt>/etc/hosts</tt></a> 
file with all the workstations
you have in your internal network, and ensure that your 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&amp;sektion=5"><tt>/etc/resolv.conf</tt></a> 
file contains the line <tt>lookup file bind</tt>
which ensures that the resolver knows to start with the 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hosts&amp;sektion=5"><tt>/etc/hosts</tt></a>
file,
and failing that, to use the DNS servers specified by the "nameserver" 
lines in your 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf&amp;sektion=5"><tt>/etc/resolv.conf</tt></a>
file.

<p>
Your <tt>/etc/hosts</tt> file will look something like this:

<table border=0 width="90%"><tr><td nowrap bgcolor="#EEEEEE"><pre>
::1 localhost.in.example.org localhost
127.0.0.1 localhost.in.example.org localhost
192.168.1.1 gw.in.example.org gw
192.168.1.20 scrappy.in.example.org scrappy
192.168.1.35 shadow.in.example.org shadow
</pre></td></tr></table>

<p>
Your <tt>resolv.conf</tt> file will look something like this:

<table border=0 width="90%"><tr><td nowrap bgcolor="#EEEEEE"><pre>
search in.example.org 
nameserver 24.2.68.33
nameserver 24.2.68.34
lookup file bind
</pre></td></tr></table>

<p>
A common objection to this is "But, I use DHCP for my internal network!
How can I configure my <tt>/etc/hosts</tt>?"  Rather easily, actually.
Just enter lines for all the addresses your DHCP server is going to 
give out, plus any static devices:

<table border=0 width="90%"><tr><td nowrap bgcolor="#EEEEEE"><pre>
::1 localhost.in.example.org localhost
127.0.0.1 localhost.in.example.org localhost
192.168.1.1 gw.in.example.org gw
192.168.1.20 scrappy.in.example.org scrappy
192.168.1.35 shadow.in.example.org shadow
192.168.1.100 d100.in.example.org d100
192.168.1.101 d101.in.example.org d101
192.168.1.102 d102.in.example.org d102
         [... snip ...] 
192.168.1.198 d198.in.example.org d198
192.168.1.199 d199.in.example.org d199
</pre></td></tr></table>

<p>
In this case, I am assuming you have the DHCP range set to 192.168.1.100 
through 192.168.1.199, plus the three static definitions as listed at
the top of the file.
<p>
If your gateway must use DHCP for configuration, you may well find you
have a problem -- 
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhclient&amp;sektion=8">dhclient</a>
will overwrite your <tt>/etc/resolv.conf</tt> every time the lease is
renewed, which will remove the "lookup file bind" line.  This can be
solved by putting the line "lookup file bind" in the file
<tt>/etc/resolv.conf.tail</tt>.

<p>
<h3>Fix, using a local DNS server</h3>
Details on this are somewhat beyond the scope of this document, but the
basic trick is to setup your favorite DNS server, and make sure it knows
it is authoritative for both forward and reverse DNS resolution for all
nodes in your network, and make sure your computers (including your
gateway) know to use it as a DNS server.

<a name= "wwwnotstd"></a>
<h2>8.23 - Why do the OpenBSD web pages not conform to HTML4/XHTML?</h2>
<p>The present web pages have been carefully crafted to
work on a wide variety of actual browsers going back to
browser versions 4.0 and later. We do not want to make
these older pages conform to HTML4 or XHTML until we're
sure that they will also work with older browsers;
it's just not a priority. We welcome new contributors,
but suggest you work on writing code, or
on documenting new aspects of the system, not on
tweaking the existing web pages to conform to newer standards.

<a name= "NTPerror"></a>
<h2>8.24 - Why is my clock off by twenty-some seconds?</h2>

<p>
When using
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&amp;sektion=8">rdate(8)</a>
to synchronize your clock to a NTP server, you may find your clock is 
off by twenty-some seconds from your local definition of time.

<p>
This is caused by a difference between the UTC (Coordinated Universal
Time, based on astronomical observations) time and TAI (International
Atomic Time, based on atomic clocks) time.  To compensate for variations
in the earth's rotation, "leap seconds" are inserted into UTC, but TAI
is unadjusted.  These leap seconds are the cause of this discrepancy.
For a more detailed description, search the web for "<tt>leap seconds
UTC TAI</tt>".

<p>
Addressing the problem is fairly simple.  In most countries you will get
the correct time if you use the "<tt>-c</tt>" parameter to
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rdate&amp;sektion=8">rdate(8)</a>
and use a time zone out of the directory
<tt>/usr/share/zoneinfo/right/</tt>.  For example, if you are located in
Germany, you could use these commands: 

<pre>
     # <b>cd /etc && ln -sf /usr/share/zoneinfo/right/CET localtime</b>
     # <b>rdate -ncv ptbtime1.ptb.de</b>
</pre>

In other countries, the rules may differ.


<a name="TimeZone"></a>
<h2>8.25 -  Why is my clock off by several hours?</h2>

By default, OpenBSD assumes your hardware clock set to UTC (Universal
Coordinated Time) rather than local time, assumed by some other
operating systems, which can cause problems when
<a href="faq4.html#Multibooting">multi-booting</a>.

<p>
Many other operating systems, can be configured to do the
same, which avoids this problem altogether. 
 
<p>
If having the hardware clock set to UTC is a problem, you can change the
default behavior of OpenBSD using
<a href="faq5.html#config">config(8)</a>.
For example, to configure OpenBSD to use a hardware clock set to
US/Eastern (5 hours behind UTC, so 300 minutes):

<blockquote><pre>
# <b>config -ef /bsd</b>
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Enter 'help' for information
ukc> <b>timezone 300</b>
timezone = 300, dst = 0
ukc> <b>quit</b>
Saving modified kernel.
</pre></blockquote>

See
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=options&amp;sektion=4">options(4)</a>
and search for option "TIMEZONE=value" for more information.

<p>
Normally, the time zone is set during install.
If you have need to change the time zone, you can create a new symbolic
link to the appropriate time zone file in <tt>/usr/share/zoneinfo</tt>.
For example, to set the machine to use EST5EDT as the new local time
zone:

<blockquote><pre>
# <b>ln -fs /usr/share/zoneinfo/EST5EDT /etc/localtime</b>
</pre></blockquote>

<p>
See also:
<ul>
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=date&amp;sektion=1">date(1)</a>
<li><a href="#NTPerror">"Why is my clock off by twenty-some seconds?"</a>
<li><a href="faq6.html#OpenNTPD">OpenBSD's NTPD</a>
</ul>


<p>
<font color= "#0000e0">
<a href= "index.html">[FAQ Index]</a>
<a href= "faq7.html">[To Section 7 - Keyboard and Display Controls]</a>
<a href= "faq9.html">[To Section 9 - Migrating to OpenBSD]</a>
</font>

<p>
<hr>
<a href= "index.html"><img height= "24" width= "24" src= "../images/back.gif" border= "0" alt= "[back]"></a> 
<a href= "mailto:www@openbsd.org">www@openbsd.org</a>
<br>
<small>$OpenBSD: faq8.html,v 1.204 2008/05/08 19:32:39 steven Exp $</small>

</body>
</html>
